Skip to main content

SIP Authentication In Mobicents

1 reply [Last post]
bijuvarghese
Offline
Joined: 2009-07-21

Hi,
I would like to integrate Mobicents with my database. For a given user, I've password stored in the database. I would like to authenticate the SIP requests (REGISTER and INVITE). Following is what I plan to do.
* Configure login-config.xml as mentioned in http://www.mobicents.org/security.html
* Introduce a new SIP servlet and skip processing the request if the Authorization header is missing in the request.
* Upon receiving SIP request with Authorization header, generate the response using MessageDigestResponseAlgorithm.calculateResponse and compare with the the one from Authorization header.

Is this the best way or have any other suggestion?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
vralev
Offline
Joined: 2007-04-01

Note that if you follow the step from the guide, you will set up container-managed security. Unauthenticated requests will not reach your servlets at all, thus no need to call any of these methods.

You may want to implement your own authentication, in which you generate the challenge responses for your self in your servlets and then verify the auth info from the next request. This is especially advised if you want to have your own database schema or if you want a more flexible auth store.

If you are using JBoss, to keep the same type of flexibility you would have to write your own login-module and declare it in login-config.xml: